A payment card security issue reported by Chipotle Mexican Grill in April has been traced back to malware placed on point-of-sale devices at some Chipotle and Pizzeria Locale restaurants between March 24, 2017 and April 18, 2017, according to Chipotle.
The malware was designed to access payment card data from debit and credit cards, according to the result of an investigation that included cybersecurity firms, law enforcement and the payment card networks, according to Chipotle.
Not all locations were impacted, and the specific time frames vary by location, the company reported.
It’s been rough going for Chipotle lately. A food poisoning outbreak in 2015 drove profits down and now a POS breach has subjected customers to a whole different type of risk. The restaurant chain did not specify how many people may have been affected, but reported that it is working with cybersecurity firms to improve its security posture.
POS devices are often at the root of cyberbreaches at hotels, retailers and food establishments. Despite increased awareness of the risks, cybercriminals still appear to break into such systems with ease on a consistent basis, putting consumer data at constant peril.
Time and again, network endpoints are revealed as the security weaknesses in a system. Companies that use POS systems will want to ensure they are utilizing the best security practices possible to avoid a PR debacle like the one Chipotle is facing now.